On Mon, Mar 23, 2020 at 02:55:46PM +0000, Mark Rutland wrote:

On Mon, Mar 23, 2020 at 02:39:55PM +0000, Catalin Marinas wrote:

quoted

So this means that the interpreter will have to mprotect(PROT_BTI) the
text section of the primary executable.

Yes, but after fixing up any relocations in that section it's going to
have to call mprotect() on it anyhow (e.g. in order to make it
read-only), and in doing so would throw away BTI unless it was BTI
aware.

Ah, of course - I forgot that's not a read/modify/write cycle.  I'll
send the comment version.

quoted

That's a valid point. If we have an old dynamic linker and the kernel
enabled BTI automatically for the main executable, could things go wrong
(e.g. does the PLT need to be BTI-aware)?

I believe that a PLT in an unguarded page needs no special treatment. A
PLT within a guarded page needs to be built specially for BTI.

Unguarded stuff is unaffected.